在python 2.7.9中禁用默认证书验证

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了在python 2.7.9中禁用默认证书验证相关的知识,希望对你有一定的参考价值。

我尝试与XMLRPC api建立本地HTTPS连接。自从我升级到enable by default certificates verification的python 2.7.9后,我在使用API​​时遇到了CERTIFICATE_VERIFY_FAILED错误

>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/local/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

在python 2.7.9中是否存在禁用默认证书验证的pythonic方法?

我真的不知道改变“私有”全局SSL属性是否有用(ssl._create_default_https_context = ssl._create_unverified_context

答案

您必须提供未经验证的SSL上下文,手动构建或使用ssl模块中的私有函数_create_unverified_context():

import xmlrpclib
import ssl

test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl._create_unverified_context())
test.list_satellites()

注意:此代码仅适用于python> = 2.7.9(在Python 2.7.9中添加了contextparameter)

如果您希望代码与以前的Python版本兼容,则必须使用transport参数:

import xmlrpclib
import ssl

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() 
          or None
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             transport=xmlrpclib.SafeTransport(use_datetime=True, 
                                                               context=context))
test.list_satellites()
另一答案

可以使用Python 2.7.9+上现有的公共ssl API禁用验证:

import xmlrpclib
import ssl

ssl_ctx = ssl.create_default_context()
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl_ctx)
test.list_satellites()
另一答案

以Python 2.6.6为例:

s = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API', transport=None, encoding=None, verbose=0,allow_none=0, use_datetime=0)

这个对我有用...

以上是关于在python 2.7.9中禁用默认证书验证的主要内容,如果未能解决你的问题,请参考以下文章

[转]关于python出现ssl:certificate_verify_failed问题

SSL 证书 - 在 axios 中禁用验证并做出反应

markdown 使用自签名证书在git存储库中禁用SSL验证

在 hsqldb 中禁用主机名验证

如何禁用 cURL SSL 证书验证 [重复]

是否有用于禁用证书验证的 java 设置? [复制]